使用 Spring Security Java 配置时禁用基本身份验证 [英] Disable Basic Authentication while using Spring Security Java configuration

问题描述

我正在尝试使用 Spring Security java 配置来保护 Web 应用程序.

I am trying to secure a web application using Spring Security java configuration.

这是配置的样子:-

@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private String googleClientSecret;

    @Autowired
    private CustomUserService customUserService;

    /*
     * (non-Javadoc)
     * 
     * @see org.springframework.security.config.annotation.web.configuration.
     * WebSecurityConfigurerAdapter
     * #configure(org.springframework.security.config
     * .annotation.web.builders.HttpSecurity)
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin()
                    .and()
                .httpBasic().disable()
            .requiresChannel().anyRequest().requiresSecure();
        // @formatter:on
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        // @formatter:off
        auth
            .eraseCredentials(true)
            .userDetailsService(customUserService);
        // @formatter:on
        super.configure(auth);
    }
}

请注意，我已使用以下方法显式禁用 HTTP 基本身份验证:-

Notice that I have explicitly disabled HTTP Basic authentication using:-

.httpBasic().disable()

在访问安全 URL 时，我仍然收到 HTTP 身份验证提示框.为什么?

I am still getting HTTP Authenticaton prompt box while accessing a secured url. Why?

请帮我解决这个问题.我只想呈现捆绑的默认登录表单.

Please help me fix this. I just want to render the default login form that comes bundled.

Spring Boot 入门版本:1.1.5Spring 安全版本:3.2.5

Spring Boot Starter Version : 1.1.5 Spring Security Version : 3.2.5

谢谢

推荐答案

首先，调用 super.configure(http); 将覆盖你之前的整个配置.

First of all, calling super.configure(http); will override whole your configuration you have before that.

试试这个:

http
    .authorizeRequests()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .and()
    .httpBasic().disable();

这篇关于使用 Spring Security Java 配置时禁用基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！